State of the States: Priorities, Trends and Issues
State of Georgia, March 19, 2014
Doug Robinson, Executive Director, National Association of State Chief Information Officers
Fiscal recovery: CIOs still seeking IT operational cost savings, alternative IT sourcing strategies and collaboration
State CIO Balancing Act: supporting legacy, business process transformation, innovation
Cybersecurity threats! New technologies, new risks, governance is hard
Transition: systems-centric to services-centric
Continuing IT workforce retirements, skills gap, recruiting challenges
Today’s State IT Landscape
5) How would you characterize your IT budget this fiscal year? (State Government Only)
A. Increased by 10% or more
B. Flat
C. Reduced by up to 10% or less
D. Reduced more than 10%
E. What budget?
Chart values (in extracted order): 9%, 8%, 21%, 45%, 18%
What percentage of your state IT workforce is eligible for retirement in the next year? (State Government Only)
A. 10%
B. 20%
C. 30%
D. 40%
E. More than 40%
Chart values (in extracted order): 25%, 8%, 17%, 33%, 17%
View from the State CIOs
Driving the Enterprise Imperative
Balancing Legacy and Innovation
State CIO Priorities for 2014
1. Security
2. Consolidation/Optimization
3. Cloud Services
4. Project & Portfolio Management
5. Strategic IT Planning
6. Budget and Cost Control
7. Mobile Services/Mobility
8. Shared Services
9. Nationwide Public Safety Broadband Network
10. Health Care
Source: NASCIO State CIO Survey, November 2013
IT and Solution Priorities 2014
1. Cloud computing: software as a service, infrastructure, platform, storage
2. Security enhancement tools
3. Mobile workforce: technologies, solutions
4. Enterprise Resource Planning (ERP)
5. Virtualization: servers, desktop, storage, applications, data center
6. Legacy application modernization/renovation
7. Business Intelligence (BI) and Business Analytics (BA)
8. Disaster Recovery/Business Continuity
9. Identity and access management
10. Networking: voice and data communications, unified
Source: NASCIO State CIO Survey, November 2013
18) When you woke up this morning what was your top pain point? (State CIOs only)
A. IT security threats
B. IT workforce
C. Supporting legacy environments
D. Lack of shared vision for technology
E. IT procurement process
F. No pain, no gain
Chart values (in extracted order): 7%, 16%, 21%, 14%, 25%, 18%
© Grant Thornton LLP. All rights reserved.
CIOs seeking enterprise approaches and solutions - governance
Cybersecurity requires governance and investment
Outsourcing and the use of shared services models increasing
Consolidation and cloud services growing
Dissatisfied with IT procurement
Growing Maturity: IT Governance, Frameworks and Business Disciplines
Enterprise Architecture
Investment, Project and Portfolio Management, PMO
Service Level Management: itSMF, ITIL, COBIT
Performance metrics, measures
Business transformation, change management
Enterprise IT Governance
What decisions must we make to ensure appropriate investment, management and use of IT?
Who should make these decisions?
How will we make and monitor these decisions?
Strong IT governance is even more important when resources are constrained. Critical to appropriate IT investment, prioritization and oversight.
Governance: IT as Strategic Asset
IT Project and Portfolio Management
How effective are your state's practices for oversight of large IT projects?
Do you use a formal IT enterprise portfolio management process to support decisions regarding planned initiatives, projects, or ongoing IT services such as application support?
State Governments at Risk!
States are attractive targets – data!
More aggressive threats – organized crime, unorganized crime, hacktivism
Critical infrastructure protection
Lack of broad executive support
Governance and authority lacking
Data on the move
Need more training, awareness
Growing IT Security Risks in the States
Protecting legacy systems
Malicious software
Foreign state-sponsored espionage
Mobile devices and services
Use of social media platforms
Use of personally-owned devices (BYOD) for state business
Adoption of cloud services; rogue cloud users
Inadequate policy compliance
Third-party contractors and managed services
Source: Deloitte-NASCIO Cybersecurity Study, October 2012
1. Unintended disclosure
2. Portable device
3. Physical loss
4. Hacking or malware
5. Insider
6. Stationary device
7. Unknown or other
Reported Causes of Government Data Breaches
Sources: Privacy Rights Clearinghouse, Rapid7 Report, US-CERT
Cybersecurity
States are adopting a cybersecurity framework and implementing monitoring capabilities.
Cybersecurity Resources Often Spent on Ineffective Activities
Hacking is easy.
Targeted attacks against business and government increased to 30,000 a year in 2013
More than 90% of successful penetrations of networks required only the most basic techniques
85% of breaches took months to discover
75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching
Sources: CSIS, Symantec 2012 Threat Report, Verizon 2013 Data Breaches Report, Trustwave, US-CERT, NASCIO
Who’s Responsible for Protecting State Data?
Chief Information Officer
Information Security Officer
Agency Leaders
Data Owners
Human Resources
Legal
Employees
Third Party Contractors
Establish a governance and authority structure for cybersecurity
Conduct risk assessments and allocate resources accordingly
Implement continuous vulnerability assessments and threat mitigation practices
Ensure that the state complies with current security methodologies and business disciplines in cybersecurity
Create a culture of risk awareness.
Act and Adjust: A Call to Action for Governors for Cybersecurity
National Governors Association, September 26, 2013
IT Consolidation: A Key Strategy for Years
To address budget issues and control operational costs
Facilities: reducing data centers, equipment, operational costs
Enterprise services: networks, email, telecommunications, imaging, wireless
Server consolidation: reducing footprint, operations, security impact, backup/recovery
Applications: enterprise, similar business functions
IT personnel and staffing
Source: NASCIO-TechAmerica-Grant Thornton LLP 2013 State CIO Survey
What is the Status of IT Consolidation?
Project has been cancelled
Planning stage
Project is ongoing
Project is done
Chart values (in extracted order): 2%, 9%, 47%, 42%
Enterprise email consolidation a top priority
Source: NASCIO-NASTD Joint Survey, April 2013
Sourcing
The outsourcing of IT applications and the use of shared services models has increased significantly over the past few years. Expect managed services to grow.
Cost savings and efficiency
Flexibility and scalability
Rapid provisioning
Better data security
Cloud services as an option
Move from systems-centric to services-centric
Shift spend from O&M to new services
Support collaboration, transparency, insight
States Moving Toward Technology as a Service
Cloud Services
What is your state's status regarding cloud services?
The state is already highly invested in cloud services: 6% (2013), 15% (2012)
The state has some applications in the cloud and is considering others: 68% (2013), 56% (2012)
The state is still investigating cloud services: 22% (2013), 19% (2012)
The state has considered cloud services but has rejected it: 2% (2013), 0% (2012)
Other: 2% (2013), 10% (2012)
Don’t know/does not apply: 0% (2013), 0% (2012)
What categories of services have you migrated or do you plan to migrate to the Cloud? (select all that apply)
E-mail and collaboration 64%
Storage 48%
Geographic Information Systems 48%
Disaster recovery 44%
Program/business applications (e.g., licensing, unemployment insurance, workers' comp, etc.) 42%
Office productivity software (e.g., word processing) 37%
Digital archives/electronic records 31%
Citizen relationship management 25%
Open Data 25%
Enterprise Resource Planning 23%
Imaging 15%
Other 15%
Business objectives
Governance
Acquisition strategy
Jurisdictional issues
Security and privacy concerns
Policy and legal issues
Exit strategy
How has your state procured third-party cloud services?
Used an existing procurement vehicle not specifically designed for cloud services: 65% (2012), 65% (2013)
Created a specific procurement vehicle for cloud services: 44% (2012), 47% (2013)
Leveraged cloud services procurement vehicles created by multijurisdictional consortia: 15% (2012), 31% (2013)
Leveraged cloud services procurement vehicles created by the federal government: 6% (2012), 16% (2013)
Because of state procurement challenges, expect continued growth in multistate and cooperative purchasing options in 2014.
Mobile
Wireless Subscriber Units: 326.4 M
Wireless Only Households: 35%
Data Traffic on Wireless Up: 69%
Data Capable Mobile Devices: 299 M
Smartphone Users: 111 M
Mobile Text Messages/Month: 171.3 B
Average Local Monthly Bill: $47.00
Tablet Penetration – Adults: 34%
Sources: CTIA, Forrester, Gartner, IDC, Pew
By the Numbers: Mobile Explosion in the U.S.
Within the state CIO’s strategic agenda and IT operational plans, how would you characterize mobile devices and applications?
Essential
High Priority
Low Priority
Not a Priority
Don’t Know
Chart values (in extracted order): 4%, 2%, 8%, 58%, 29%
Mobility
Direction strategic or ad hoc?
Policy?
Managing mobile devices? MDM? BYOD?
Security and privacy
Managing business and end-users
Lack of technical expertise: apps, security
Considerations: Productivity, Data Sharing, Citizen Services, Mobile Apps, BYOD
Native apps, web or both?
Legal Issues? Terms of Service from apps stores?
How is your state managing mobility? 2012 2013
Totally fragmented and uncoordinated 12% 10%
A few coordinated government-wide projects and initiatives, but mostly fragmented efforts 46% 49%
Mostly coordinated government-wide projects and initiatives, a few fragmented efforts 32% 37%
All mobility projects well-coordinated government-wide 6% 0%
Don’t know/does not apply 4% 4%
What’s Trending in States…
Continued cybersecurity threats, data breaches, inadequate state response, NIST Framework
More cloud services deployed – private, managed and outsourced. Public and multi-tenant?
Focus on project/portfolio management discipline
Open Data: museum to marketplace
Innovation – CIO strategy and investment
Analytics: Do You Think or Do You Know?
More collaboration on services
Innovation in IT workforce strategies